By charles the moderator
Rodin’s The Thinker at the Musée Rodin.
Author CJ. Licensed under Creative Commons.
I have a theory.
With the blogosphere all atwitter about the emails and data “stolen” from the Climatic Research Institute at the University of East Anglia, two theories have become dominant describing the origin of the incident.
- CRU was hacked and the data stolen by skilled hackers, perhaps an individual or more insidiously some sophisticated group, such as Russian agents.
- An insider leaked the information to the NSM (non-mainstream media)
Theory number one is the preferred explanation of the defenders of CRU. This allows them to portray CRU as victims of illegal acts. It allows them to scream bloody murder and call for an investigation of the crime. How can we take the fruits of hideous crime seriously? The end does not justify the means!
One of our favorite writers, Gavin Schmidt, has expanded on this theme with the report:
He [Gavin] said the breach at the University of East Anglia was discovered after hackers who had gained access to the correspondence sought Tuesday to hack into a different server supporting realclimate.org, a blog unrelated to NASA that he runs with several other scientists pressing the case that global warming is true.
The intruders sought to create a mock blog post there and to upload the full batch of files from Britain. That effort was thwarted, Dr. Schmidt said, and scientists immediately notified colleagues at the University of East Anglia’s Climatic Research Unit.
http://www.nytimes.com/2009/11/21/science/earth/21climate.html
I believe the above statement by Gavin to be a big bunch of hooey. I believe the “hack” was a posting of the same blog comment which was posted at The Air Vent
which was also submitted here at WUWT, but never was visible publicly, because all comments are moderated and publicly invisible until approved by an administrator or moderator. Many of you have already seen it:
We feel that climate science is, in the current situation, too important to be kept under wraps.
We hereby release a random selection of correspondence, code, and documents.
Hopefully it will give some insight into the science and the people behind it.
This is a limited time offer, download now:
http://ftp.tomcity.ru/incoming/free/FOI2009.zip
Sample:
0926010576.txt * Mann: working towards a common goal
1189722851.txt * Jones: “try and change the Received date!”
0924532891.txt * Mann vs. CRU
0847838200.txt * Briffa & Yamal 1996: “too much growth in recent years makes it difficult to derive a valid age/growth curve”
0926026654.txt * Jones: MBH dodgy ground
1225026120.txt * CRU’s truncated temperature curve
1059664704.txt * Mann: dirty laundry
1062189235.txt * Osborn: concerns with MBH uncertainty
0926947295.txt * IPCC scenarios not supposed to be realistic
0938018124.txt * Mann: “something else” causing discrepancies
0939154709.txt * Osborn: we usually stop the series in 1960
0933255789.txt * WWF report: beef up if possible
0998926751.txt * “Carefully constructed” model scenarios to get “distinguishable results”
0968705882.txt * CLA: “IPCC is not any more an assessment of published science but production of results”
1075403821.txt * Jones: Daly death “cheering news”
1029966978.txt * Briffa – last decades exceptional, or not?
1092167224.txt * Mann: “not necessarily wrong, but it makes a small difference” (factor 1.29)
1188557698.txt * Wigley: “Keenan has a valid point”
1118949061.txt * we’d like to do some experiments with different proxy combinations
1120593115.txt * I am reviewing a couple of papers on extremes, so that I can refer to them in the chapter for AR4
I was the first at WUWT to see the comment above and immediately embargoed it. After discussions and many phone calls, we finally began to refer to the information after, and only after, we saw that it was available elsewhere, such as The Air Vent, and also after we knew that CRU was aware that it was circulating on the web.
Gavin’s elaborate description of the hacking attempt at RC is, in my humble opinion, nothing more than an attempt to add meat to the hacking theory in order to increase the vilification of the theoretical hackers. Gavin has demonstrated this kind of misdirection in the past in the Mystery Man incident where he attempted to obfuscate his own involvement in a data correction to station files held by the British Antarctic Survey. In this new spirit of transparency Gavin, why don’t you send Anthony the log files that demonstrate this attempted break in at realclimate.org?
After all, this is a criminal act of vandalism and of harassment of a group of scientists that are only going about their business doing science. It represents a whole new escalation in the war on climate scientists who are only trying to get at the truth. Think — this was a very concerted and sophisticated hacker attack. …Or at the next level, since the forces of darkness have moved to illegal operations, will we all have to get bodyguards to do climate science?
Sigh…and sigh again.
Theory number two is the preferred explanation of, for want of a better term, the Skeptics Camp. It is a romantic thought. Some CRU employee, fed up with the machinations, deceit, and corruption of science witnessed around him or her, took the noble action of becoming whistle-blower to the world, bravely thrusting the concealed behavior and data into the light for all to see. This theory is attractive for all the right reasons. Personal risk, ethics, selflessness etc.
I would like to offer a third possibility based on a bit of circumstantial evidence I noticed on the Web Saturday afternoon.
There’s an old adage, never assume malice when stupidity or incompetence will explain it.
A short time ago there was a previous leak of CRU data by an insider. In this case, Steve McIntyre acquired station data which he had been requesting for years, but someone inside CRU unofficially made the data available.
In this case, many commentators had various guesses as to the motivation or identity of the disgruntled mole even proposing that perhaps a disgruntled William Connelly was the perpetrator.
Of course it turned out the Phil Jones, director of CRU, himself had inadvertently left the data on an open FTP server.
Many have begun to think that the zip archive FOI2009.zip was prepared internally by CRU in response to Steve McIntyre’s FOI requests, in parallel with attempts to deny the request in case the ability to refuse was lost. There are many reasons to think this is valid and it is consistent with either of the two theories at the beginning of this post. Steve McIntyre’s FOI appeal was denied on November 13th and the last of the emails in the archive is from November 12th.
It would take a hacker massive amounts of work to parse through decades of emails and files but stealing or acquiring a single file is a distinct possibility and does not require massive conspiracy. The same constraints of time and effort would apply to any internal whistle blower. However, an ongoing process of internally collating this information for an FOI response is entirely consistent with what we find in the file.
In the past I have worked at organizations where the computer network grew organically in a disorganized fashion over time. Security policies often fail as users take advantage of shortcuts to simplify their day to day activities. One of these shortcuts is to share files using an FTP server. Casual shortcuts in these instances may lead to gaping security holes. This is not necessarily intentional, but a consequence of human nature to take a shortcut here and there. This casual internal sharing can also lead to unintentional sharing of files with the rest of the Internet as noted in the Phil Jones, CRU mole, example above. Often the FTP server for an organization may also be the organization’s external web server as the two functions are often combined on the same CPU or hardware box. When this occurs, if the organization does not lock down their network thoroughly, the security breaches which could happen by accident are far more likely to occur.
Since Friday November 20th a few users noticed this interesting notice on the CRU website.
This website is currently being served from the CRU Emergency Webserver.
Some pages may be out of date.
Normal service will be resumed as soon as possible.
Here is a screen grab for posterity.
So as part of the security crackdown at CRU they have taken down their external webserver? Network security professionals in the audience will be spitting up coffee all over their keyboards at this point.
So this is my theory is and this is only my theory:
A few people inside CRU possessed the archive of documents being held in reserve in case the FOI appeal decision was made in favor of Steve McIntyre. They shared it with others by putting it in an FTP directory which was on the same CPU as the external webserver, or even worse, was an on a shared drive somewhere to which the webserver had permissions to access. In other words, if you knew where to look, it was publicly available. Then, along comes our “hackers” who happened to find it, download it, and the rest is history unfolding before our eyes. So much for the cries of sophisticated hacking and victimization noted above.
If I had to bet money, I would guess that David Palmer, Information Policy & Compliance Manager, University of East Anglia, has an even chance of being the guilty party, but it would only be a guess.
To repeat the basic premise of this theory.
There’s an old adage, never assume malice when stupidity or incompetence will explain it.
™ CRUtape Letters, is a trademark of Moshpit Enterprises.
PR GUY
[i]”But this raises a troubling question, could independent officials at Met have looked at this file, with all the references to deleting data etc, and conclude that there was nothing afoul? It staggers the mind.”[/i”
I’m wondering if this was the data excised from what was shown to the FOI officers at the University? Ie they pulled all of the questionable stuff into a side archive and tucked it out of the way. So when when the FOI officer checked things he didn’t see anything questionable.
Cheaters. All morning, Gavin Schmidt has been posting snarky comments into many posts on Real climate. He is a gubment worker and on the clock at NASA. He is cheating and moonlighting. this needs to be reported. We are his employer. It seems they forget who they work for. I fire workers for this and have the right to do so because our employee handbook calls for best work effort. He can sit there and run a gossip blog while the economy burns.
How do we report this abuse of employee time and responsibility?
# charles the moderator
What Gavin claims is difficult to assess. The “hack” posting at The Air Vent may have had a special twist, as the subject there was about “An open letter reply to a letter written to government by 18 different scientific organizations concerning climate change legislation” that criticizes the associations about climate terminology:
“Dear President or Executive Director,
How could it happen that more than a dozen of the most prestigious scientific associations signed and submitted this letter on ‘climate change’ without having ensured that the used terminology is sufficiently defined. Good science can and is required to work with reasonable terms and explanations…… Etc etc” http://noconsensus.wordpress.com/2009/11/13/open-letter/ or: http://www.whatisclimate.com/
This posting went online together with three other subject on November 13, with the comments under: “Gone for Several Days”. Why did FOIA chose the OPEN LETTER and not one of the other posting. The posting came as Comment 10 on Tuesday, November 17, at 9:57 pm. That may raise several questions:
__When was CRU hacked ?
__Is a hack, as claimed, into a different server supporting realclimate.org on Tuesday realistic?
__Is it reasonable to assume that choosing The Air Vent and the OPEN LETTER was a cheer coincident, or was it intentionally? One option would speak more for hackers, the other more for an insider.
At least the author of the OPEN LETTER made not distinction but just thanked FOIA for his/her contribution, Comment21, at: http://noconsensus.wordpress.com/2009/11/13/open-letter/ .
TO ALL–
BTW, a distinct lack of trolls on this thread. While the lack of trolls takes away some entertainment value, it leaves the comments to be all high quality thoughtful stuff. Back to the trolls, I think even they know this IS REALLY BAD for the Church of AGW.
chainpin (09:18:31) : “Something doesn’t add up.”
Perhaps an hourly employee or intern was assigned the task of selecting material for the FOI request, and not familiar with the history, was making the file available for members of ‘the Team’ for editing. Such would explain why the information contains all the e-mails as well as code, data, and whatever else. The comments about John Daley, the cartoon, and so on seem to be unrelated to the issues and data sought by SM at CA and others.
The actions (or inactions) of the CRU appear to be consistent with preventing further inquiries into their e-mail, etc. , as opposed to stopping, reversing, or even explaining what just happened. In other words, this was small potatoes. The real meat is still out there to be had. CRU would do anything to prevent further FOI releases, even if it meant giving up grant money, or losing key people. When one resorts to defending the indefensibile, the game is lost (just a matter of time).
I like to call us the BSM (Blog Stream Media).
There are a couple of posters who are on the right track here, I believe. The file was prepared in response to FOI requests, but was the repository for the items to be “lost”, an insider then decided that such subterfuge should not go unpunished and then followed Dr. Hansen’s advice and embarked on a little civil disobedience.
RealClimate has gone quiet for an hour or so. Perhaps Gavin is simply exhausted or perhaps nobody wants to get further tainted or perhaps there is some “big” news about to break. Or they could have all gone downstairs for lunch and a discussion about yesterday’s shellacking of the Jets by the Patriots!
Charles the moderator,
Some of your theory makes sense, but some does not. Why would Jones assemble a file containing emails that are at best embarrassing to him and his associates, and at worst indicative of criminal conduct because of FOI requests? If Jones recognized that he might have to ultimately respond to an FOI request for temperature data, then he would reasonably assemble that data in a single file, but not the damaging email messages and other files.
Whoever assembled the “random selection” of email messages, they had to have searched through quite a lot and eliminated all the personal stuff. “Hey, you want pizza tonight?”, or “Our grandson is sick, so I am staying ovenight to help.” is completely absent. They left only business related messages. Whoever this was, they clearly did not want to post other people’s personal lives on the internet. I think it odd for an outside ‘hacker” to show such sensibilities. Whoever this was, they focused on the real climate issues, not the chaff. (no pun intended :-))
Lucia has an interesting post that includes the above point.
So, it seems more likely to me that either:
1) Jones had assembled a series of damaging messages, raw data files, and documents in a single location so they could be quickly destroyed (for example, if an FOI request for raw data or emails was allowed). Then someone on the inside found the assembled files and thought they needed to be posted, or
2) Someone with network access (and maybe administrator authority) got hold of Jones’ password, poked around, copied a bunch of files that indicate unethical behavior, misconduct, and an overall bad attitude by Team members, and then posted the lot. Maybe the November 12 denial of the McIntyre’s FOI was the “last straw” for this person.
I lean heavily toward the later. Will we ever find out? I doubt it. The person who sent Steve McIntyre the raw temperature data does not appear to ever have been identified; I think it likely this recent posting was the same person.
I’ll bet the Team will be making more phone calls in place of email messages when the subject matter is (how shall we say) “sensitive” in nature.
DerHahn–
Agreed. Again congrats to Charles, his thoughts on this generated several comments along this line. Unfortunately, as a practicing lawyer I have encountered the bureaucratic mindset and protocols for 27 years, and Charles’ reasoning fits how agency staffs try to stonewall legitimate FOI requests. This will play out, the public will learn more. But it will take continuous push back against these professional bureaucrats and grant mongers.
This all hacking story appears to me much ado about noting. A lot of (blog)wind for a flatulation in a bottle. Nowhere, at any place can be read that the global warming AGW theory is set up by a bunch of conspiring senile or malicious would be scientist.
I have the impression the the e-mails reveal that the AGW scientist just are human beings. Sorry this is rather a negative story in the case of Antropogenic global waring critics. If these critics must build a case on theft and robbary…then they are no dime better than those who try to lie about some 10th of a centigrade more or less.
Brian Johnson uk (09:30:23) :
BBC Daily Politics had a discussion today about UEA/CRU and Andrew Neil – Presenter actually asked some skeptical questions.
Thanks Brian, we need more Andrew Neils- and another Robin Day.
“My belief is that this purged material was on a back-up/DR server, and the main servers have already had this material removed. ” Forgive my ignorance on such matters, but assume that your belief is true. Is it possible for an outsider both to download the file and then to delete it from the server? In other words, is it possible that briefly only the outsider had the file and that CRU had lost it completely?
Because, if so, CRU can’t really know whether the version that is now available to us all is complete and unaltered, can they?
Curiousgeorge (09:15:05) :
An on-air discussion of the issue on Fox this morning: http://www.youtube.com/watch?v=Qrkpp1Bf5zc&feature=channel . An Eco guy and a sceptic. Both calling for an investigation.
A reasoned debate with Chris Horner of CEI utterly shaming the opponent into calling for a full investigation. Horner also alluded to “a total of 165Mb of data,” 65 released and another 100Mb to come.
More dynamite?? Does CRU really want another 100Mb of inside information released for the entire world to see? Have they no sense of self preservation? If I were the Chancellor of UEA I would be sitting down to hard nosed discussion of how to prevent the next release. That would in all probability require CRU turning State’s evidence. If they continue to stonewall the window of forgiveness will close and they’ll be just another culprit in the cover-up. The Nixon syndrome.
Dr. Phil et al are going to be sacrificed sooner or later. Question is, by sacrificing them early-on can Chancellor Gough stay the release of even more damaging revelations??
I’m heading to WalMart for an air popper – getting too fat on the hot oil corn.
I just posted on this subject on my blog, here…
http://algorelied.com/?p=3222
An excerpt:
Charles
*** Andy Revkin is likely to post your 3rd proposal as soon as you submit it.*** See: Your Dot: On Science and ‘Cyber-Terrorism’: A climate scientist focuses on the cybercrime that divulged reams of emails on climate research.
If you computer searched files with a specific set of keywords you could well have generated the silly cartoon. It is the Harry file that is tough to figure out – unless it has the names of key players or proxies embedded in the comments.
News flash. OJ Simpson was out looking for the killer of Nicole and bumped into the Climate folks looking for the hackers. Big oil must have funded the hackers.
The hackers story is a bunny trail many are giving up on.
Regarding the provenance of the files in question: Trenbreth(sp?) admitted that the files contained only what was ‘helpful to skeptics’ and that only part of what was taken was actually released. I posted this is in Tips and Notes, and do not feel like retyping my thoughts on that.
Scenario #3 seems the most likely of them, and actually is pretty consistent with Trenbreth(sp?)’s public statement on ABC.
BBC radio 4 23/11/2009 short discussion with Lord Lawson and Dr. Robert Watson
http://www.bbc.co.uk/programmes/b00nxd1v
Approximately 1hr 34min into the broadcast.
Lord Lawson –
http://www.telegraph.co.uk/earth/environment/globalwarming/6634282/Lord-Lawson-calls-for-public-inquiry-into-UEA-global-warming-data-manipulation.html
Dr. Robert Watson –
http://www.uea.ac.uk/env/people/facstaff/watsonr
! hour ago:
http://www.uea.ac.uk/mac/comm/media/press/2009/nov/homepagenews/CRU-update
It is a matter of concern that data, including personal information about individuals, appears to have been illegally taken from the university and elements published selectively on a number of websites.
The volume of material published and its piecemeal nature makes it impossible to confirm what proportion is genuine. We took immediate action to remove the server in question from operation and have involved the police in what we consider to be a criminal investigation.
The material published relates to the work of our globally-respected Climatic Research Unit (CRU) and other scientists around the world. CRU’s published research is, and has always been, fully peer-reviewed by the relevant journals, and is one strand of research underpinning the strong consensus that human activity is affecting the world’s climate in ways that are potentially dangerous.
CRU is one of a number of independent centres working in this important area and reaching similar conclusions. It will continue to engage fully in reasoned debate on its findings with individuals and groups that are willing to have their research and theories subjected to scrutiny by the international scientific community. The selective publication of some stolen emails and other papers taken out of context is mischievous and cannot be considered a genuine attempt to engage with this issue in a responsible way.
The raw climate data which has been requested belongs to meteorological services around the globe and restrictions are in place which means that we are not in a position to release them. We are asking each service for their consent for their data to be published in future.
In addition to supporting the police in their enquiries, we will ourselves be conducting a review, with external support, into the circumstances surrounding the theft and publication of this information and any issues emerging from it.
Given the high proportion of embarassing content in this selection of e-mails, it makes more sense to me that this is their archive of information extracted from their main mail record, which, having been cleaned, would then be made available for inspection under any FOI request.
I guess they might reason that any data provided under such a request, if supplied voluntarily, would be not be subject to the same intense scrutiny as would be the case if it was extracted under duress, thus a few omissions would not be spotted.
Since some of the e-mails actively encouraged FOIA avoidance, the attempt to hide them must be worth a try because their discovery would not increase the penaties any further.
“I’m thinking this collection is more along the lines of “Stuff to be deleted in the event of an unfavorable ruling on the FOI request”.”
Sorry – I am a skeptic and read through Bishop’s list of most damaging posts. There is not a whole lot of “damage” there. The emails clearly reveal a “them verses us” mentality and a somewhat disciplined effort to control the news flow. I see nothing that is obviously illegal or clearly dishonest.
I find the notion that HATCRU would engage in a systematic coverup of an approved FOI request not credible. So I go with option 2 or 3 as well.
“the Church of AGW”: I really object to that. Surely Phil Jones is Chief Druid of the Henge of Global Warming?